A patch is a piece of software designed to modify or replace a computer program or its supporting data. Patches may be designed to add features and/or to fix security vulnerabilities and other bugs, for example. Many patches are distributed as binary code, not as source code. Binary patches modify a program executable (the code that runs on a machine), by modifying the program's binary file(s) to include the fixes or by completely replacing the binary file(s). A patch that can be applied to a program while the program is running is called a “hot patch”. Large patches are sometimes referred to as “service packs”, “software updates”, or “software packages”.
Some approaches install patches automatically. Automated installation is often used for patching server software and operating systems, for instance. In particular, security patches are often automatically downloaded and applied, in order to remove vulnerabilities that would otherwise be exploitable. Security patches are widely used to fix security vulnerabilities, and may be analyzed by researchers and other people who did not create the patch. Analysis of the changes made by a patch can be helpful in understanding the vulnerabilities addressed by the patch, and in preparing signatures for use by anti-malware software.